Digital Trust Lead Auditor (London and Southeast)

We exist to create positive change for people and the planet. Join us and make a difference too!

As a Client Manager (Auditor) within the Information Security domain, you will represent BSI as a trusted expert, working closely with clients to assess the design, implementation, and effectiveness of their Information Security, Data Protection, and associated management systems. You will evaluate client controls against BSI and ISO/IEC standards (e.g., ISO/IEC 27001, 27701, 27017, 27018), identify opportunities for improvement, and provide clear, value driven insights that help clients enhance their security posture and organisational resilience. Following each assessment, you will produce a comprehensive business report that articulates both findings and actionable recommendations.

• Conduct third-party assessments of Information Security and associated management systems in accordance with BSI requirements and ISO/IEC standards.
• Evaluate information security controls—technical, organisational, procedural—and determine their effectiveness and alignment with risk management objectives.
• Communicate assessment outcomes to clients, ensuring clear understanding of decisions and required corrective actions.
• Recommend issuance, continuation, suspension, or withdrawal of certificates in line with BSI certification processes and governance requirements.

• Build strong, trusted relationships with client stakeholders, including CISOs, Data Protection Officers, IT leadership teams, and operational management.
• Support clients in understanding how security, governance, risk, and compliance improvements strengthen business resilience and performance.
• Identify opportunities to enhance client satisfaction and support business development initiatives through value-added insights.

• Demonstrable third-party audit or assurance experience.
• Minimum two years of industry experience in Information Security, IT governance, risk management, data protection, cybersecurity, or related technical environments.
• Strong knowledge of management system frameworks, particularly ISO/IEC 27001 and related security standards.
• Ability to interpret technical environments (cloud, networks, applications, data flows) and map them to management system and risk requirements.
• Experience producing detailed, high-quality reports that explain complex issues clearly.

• Sector-specific security qualifications or recognised industry credentials (e.g., CISSP, CISM, CISA, ISO/IEC 27001 Lead Auditor).
• Experience in Data Protection (e.g., GDPR, ISO/IEC 27701).
• Knowledge of cloud security frameworks or controls (e.g., ISO/IEC 27017/27018, CSA CCM).
• Awareness of Artificial Intelligence governance, risks, and ethical considerations.
• Understanding of cybersecurity fundamentals and emerging threat landscapes.

BSI is a business improvement and standards company and for over a century BSI has been recognized for having a positive impact on organizations and society, building trust and enhancing lives. Today BSI partners with more than 77,500 clients in 195 countries and engages with a 15,000 strong global community of experts, industry and consumer groups, organizations and governments. Utilizing its extensive expertise in key industry sectors - including automotive, aerospace, built environment, food and retail, and healthcare - BSI delivers on its purpose by helping its clients fulfil theirs. Living by our core values of Client-Centricity, Agility, and Collaboration, BSI provides organizations with the confidence to grow by partnering with them to tackle society's critical issues - from climate change to building trust in digital transformation and everything in between - to accelerate progress towards a better society and a sustainable world. BSI is an Equal Opportunity Employer dedicated to fostering a diverse and inclusive workplace.